Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Running Untrusted Code in Node
Search
Dave Wasmer
February 25, 2014
Technology
0
290
Running Untrusted Code in Node
Running untrusted code in Node in a safe mode while handling the lode.
Dave Wasmer
February 25, 2014
Tweet
Share
More Decks by Dave Wasmer
See All by Dave Wasmer
The Future is Now: Ember in 2018
davewasmer
0
72
UX Mental Models
davewasmer
4
450
Enterprise and Mobile Web
davewasmer
0
74
Kinvey @ PhoneGap Day US
davewasmer
1
150
Other Decks in Technology
See All in Technology
家族アルバム みてねにおけるGrafana活用術 / Grafana Meetup Japan Vol.1 LT
isaoshimizu
1
750
推しは推せるときに推せ! プロダクトにフィードバックしていこう
nakasho
0
320
ServiceNow Knowledge 24の歩き方 EYストラテジー・アンド・コンサルティング
manarobot
0
200
Building Dashboards as a Hobby
egmc
0
220
元インフラエンジニアに成る / Human Resources to Human Relations
bobtani
4
920
SIEMを用いて、セキュリティログ分析の可視化と分析を実現し、PDCAサイクルを回してみた
coconala_engineer
0
320
長期間TiDBを使ってきた話 @ 私たちはなぜNewSQLを使うのかTiDB選定5社が語る選定理由と活用LT / Experiences with TiDB Over Time
chibiegg
2
900
IaCジェネレーターとBedrockで詳細設計書を生成してみた
tsukasa_ishimaru
1
240
私が trocco を推す理由
__allllllllez__
1
230
On Your Data を超えていく!
hirotomotaguchi
2
690
Janus
bkuhlmann
1
490
ServiceNow Knowledge Learning Rise up
manarobot
0
210
Featured
See All Featured
Navigating Team Friction
lara
178
13k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
104
6.6k
Testing 201, or: Great Expectations
jmmastey
28
6.4k
Faster Mobile Websites
deanohume
299
30k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
51k
We Have a Design System, Now What?
morganepeng
43
6.8k
Building an army of robots
kneath
300
41k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
14
1.6k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
241
1.2M
Imperfection Machines: The Place of Print at Facebook
scottboms
260
12k
Producing Creativity
orderedlist
PRO
337
39k
Creatively Recalculating Your Daily Design Routine
revolveconf
210
11k
Transcript
Running untrusted code in Node in a safe mode while
handling the lode
lode?
Dave Wasmer @davewasmer Developer @ Kinvey yep, this slide …
Kinvey Backend as a service … and this one.
What goes into backend as a service?
None
Lots o’ stuff • Data storage • User management •
Twitter, Facebook, G+, LinkedIn • OAuth, LDAP, Active Directory • File storage • don’t forget CDN delivery • Push notifications • Emails • 3rd Party API Integration • Analytics • a whole lot more ..
What if CRUD ain’t enough?
enter: Business Logic!
Run your code on our servers
Custom JavaScript execution?!
eval(customerCode); // Genius, mirite? NO!
The Problem We needed a safe, scalable way to run
arbitrary (possibly malicious) JavaScript on our servers.
Safety • Can’t allow access to: • filesystem • shared
memory • Kinvey internals • State is evil!
Scalablity • Needs to scale horizontally • i.e. spin up
new instances on-demand • automatically add to resource pool • Optimize for usage • not running huge computations - short, frequent bursts of activity • 2x per API request is possible!
Our solution to scalability KCS KCS KCS KBL KBL KBL
Redis Work Master Child Child Child Child
Our solution to scalability KCS KCS KCS KBL KBL KBL
Redis Work Master Child Child Child Child
Our solution to scalability KCS KCS KCS KBL KBL KBL
Redis Work Master Child Child Child Child
Our solution to scalability KCS KCS KCS KBL KBL KBL
Redis Work Master Child Child Child Child
Our solution to scalability Work Master Child Child Child Child
Safety Concerns • How to run arbitrary JS code? •
Three issues • System access (filesystem, network, etc) • Application access (application state, data, etc) • Stupidity / DoS (while (true), forgot to signal async completed)
System access • Filesystem • Severely limited or none •
Network • Partially limited
Our solution to system access ! // Setting things up
! try { script = vm.createScript(codeAsStr); } catch (e) { // syntax error! } ! sandbox = generateNewSandbox()
generateNewSandbox = function(){ ! var sandbox = {}; sandbox.complete =
function(){ runNextTask(); }; sandbox.whateverYouWant = function(){ ... } return sandbox; ! } Our solution to system access
! // Running the untrusted script try { script.runInNewContext(sandbox) }
catch (e) { // e will be any immediate (synchronous) // runtime errors } Our solution to system access
Application access • Data • Permissions
Our solution to application access ! // inside generateNewSandbox() !
sandbox.db = { find: function(query, callback) { // do db stuff callback(null, result) // <- Careful! }, ... }
Stupidity / DoS • while (true) {} // single-threaded ftw!
• function onPreSave(req, res, modules) { doSomeAsyncStuff() } // kthxbai • function doSomeAsyncStuff() { setTimeout(function(){ throw new Error() }, 100000); // muhahaha }
Our solution to stupidity / DoS Work Master Child Child
Child Child
Our solution to stupidity / DoS Work Master Child Child
Child Child
Our solution to stupidity / DoS ! // For handling
callback errors process.on(‘uncaughtException’, function(){ // handle it here });
Wrap-up